A Solution to Session Confusion

Source: Internet
Author: User

Once we know the cause of session confusion, we know the root of the problem. It also raises several questions:

1. How do we record the users who are online (only users with an account in the system, excluding visitors)?

2. How do we restrict an account to a single login to the system during the same period of time?

3. How do we prevent different users from logging on to the system from the same machine?

4. How does an administrator kick a user out of the system?

First, let's analyze the above problems:

First, after the user has been authenticated on the server side and has logged on successfully, we record the user's information (OnlineUserManager.java), including the account, login date, IP address of the machine, session ID, and session object. (Remember that the session ID is extremely important, because the server identifies the session by its ID. If two IDs are the same, the server treats them as the same user.)

(This solves problem 1.)

With this record in place, when a user logs on we first check, by account, whether the user is already logged on. If so, the system prompts the user. (This solves problem 2.)

If the user is not yet logged on, check whether the user's session ID is already recorded in OnlineUserManager. If it is, prompt the user to close the current window and open a new browser window by clicking the IE icon. (This way the session will not be confused.)

What if you want to prevent different users from logging on to the system from the same machine? This depends on the IP address. If OnlineUserManager already records a user who logged on from this machine, the system prompts that only one account can log on from the same machine.

(This solves problem 3. Note: if users connect through a proxy server, this method does not work. It suits management systems used inside a LAN, where each client has a fixed IP address.)

Problem 4: how do we kick a user out? OnlineUserManager records each user's session object, so we only need to find the corresponding session object and call session.invalidate(). This removes the troublesome user from the system completely.
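The login checks and the kick analysed above, as an added example that is not the author's code. `LoginGateDemo`, `Session`, `Result`, `Entry` and the sample accounts, IP addresses and session IDs are hypothetical; `Session` stands in for `HttpSession` so the class runs without a servlet container (Java 16 or later).

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;

public class LoginGateDemo {
    // Stand-in for javax.servlet.http.HttpSession (assumption, so the demo runs offline).
    interface Session { String getId(); void invalidate(); }
    enum Result { OK, ACCOUNT_ALREADY_ONLINE, SESSION_IN_USE, IP_IN_USE }
    record Entry(String account, String ip, Session session) {}
    private final List<Entry> online = new ArrayList<>();

    // The checks and the registration share one lock, so two concurrent logins
    // for the same account cannot both pass the checks before either is recorded.
    synchronized Result login(String account, String ip, Session s) {
        if (online.stream().anyMatch(e -> e.account().equals(account)))
            return Result.ACCOUNT_ALREADY_ONLINE;            // problem 2
        if (online.stream().anyMatch(e -> e.session().getId().equals(s.getId())))
            return Result.SESSION_IN_USE;                    // window shares an existing session
        if (online.stream().anyMatch(e -> e.ip().equals(ip)))
            return Result.IP_IN_USE;                         // problem 3
        online.add(new Entry(account, ip, s));               // problem 1
        return Result.OK;
    }

    // Problem 4: drop the record and invalidate the stored session object.
    synchronized boolean kick(String account) {
        Optional<Entry> hit = online.stream().filter(e -> e.account().equals(account)).findFirst();
        hit.ifPresent(e -> { online.remove(e); e.session().invalidate(); });
        return hit.isPresent();
    }

    static Session fakeSession(String id) {
        return new Session() {
            public String getId() { return id; }
            public void invalidate() { System.out.println("session " + id + " invalidated"); }
        };
    }

    public static void main(String[] args) {
        LoginGateDemo gate = new LoginGateDemo();
        // Constructed sample logins: account, client IP, session ID.
        System.out.println(gate.login("alice", "10.0.0.5", fakeSession("S1")));
        System.out.println(gate.login("alice", "10.0.0.9", fakeSession("S2")));
        System.out.println(gate.login("bob", "10.0.0.7", fakeSession("S1")));
        System.out.println(gate.login("carol", "10.0.0.5", fakeSession("S3")));
        System.out.println(gate.kick("alice"));
        System.out.println(gate.login("carol", "10.0.0.5", fakeSession("S3")));
    }
}
```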

 

==================== Note: OnlineUserManager must be thread-safe. My implementation is as follows ====================

package com.work.qxgl.login;

import java.util.Vector;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import com.work.util.DateUtil;

/**
 * Counts the online users. The premise is that each user can log on to the system only once.
 * With this class the administrator can manage online users and kick out of the system
 * those who do not follow the rules.
 *
 * TODO: put the JSPs under WEB-INF so that every URL must be called through a Struts action,
 * and use an interceptor to control permissions.
 * A filter in the web application can also be used to control permissions.
 * Implement permission management and system log recording.
 *
 * @author wangmingjie
 */
public class OnlineUserManager {
    private static Log log = LogFactory.getLog(OnlineUserManager.class);
    private Vector<OnlineUser> users = null;

    private OnlineUserManager() {
        users = new Vector<OnlineUser>(); // initialize
    }

    static class SingletonHolder {
        static OnlineUserManager instance = new OnlineUserManager();
    }

    /**
     * Singleton created through a holder class. This is simple and thread safety is ensured.
     *
     * @return the single OnlineUserManager instance
     */
    public static OnlineUserManager getInstance() {
        return SingletonHolder.instance;
    }

    /**
     * Gets the number of logged-on users.
     *
     * @return the number of online users
     */
    public synchronized int getCount() {
        users.trimToSize();
        return users.capacity(); // after trimToSize(), capacity() equals size()
    }

    /**
     * Uses the user account to determine whether the user is online. Thread safety must be ensured.
     *
     * @param userAccount the account to look up
     * @return true if a user with this account is recorded
     */
    public synchronized boolean existUser(String userAccount) {
        users.trimToSize();
        boolean existUser = false;
        for (int i = 0; i < users.capacity(); i++) {
            if (userAccount.equals(users.get(i).getUserAccount())) {
                existUser = true;
                break;
            }
        }
        return existUser;
    }

    /**
     * @param sessionId the session ID to look up
     * @return true if a user with this session ID is recorded
     */
    public synchronized boolean existSession(String sessionId) {
        users.trimToSize();
        boolean existUser = false;
        for (int i = 0; i < users.capacity(); i++) {
            if (sessionId.equals(users.get(i).getSessionId())) {
                existUser = true;
                break;
            }
        }
        return existUser;
    }

    /**
     * Deletes a user.
     *
     * @param userAccount the account to remove
     * @return true if the user was found and removed
     */
    public synchronized boolean deleteUser(String userAccount) {
        users.trimToSize();
        if (existUser(userAccount)) {
            int currUserIndex = -1;
            for (int i = 0; i < users.capacity(); i++) {
                if (userAccount.equals(users.get(i).getUserAccount())) {
                    currUserIndex = i;
                    break;
                }
            }
            if (currUserIndex != -1) {
                users.remove(currUserIndex);
                users.trimToSize();
                log.debug("user " + userAccount + " exited the system " + DateUtil.getCurrentDateTime());
                log.debug("number of online users: " + getCount());
                return true;
            }
        }
        return false;
    }

    /**
     * Gets the online user's information by user account.
     *
     * @param userAccount the account to look up
     * @return the matching OnlineUser, or null if the account is not online
     */
    public synchronized OnlineUser getUser(String userAccount) {
        users.trimToSize();
        if (existUser(userAccount)) {
            int currUserIndex = -1;
            for (int i = 0; i < users.capacity(); i++) {
                if (userAccount.equals(users.get(i).getUserAccount())) {
                    currUserIndex = i;
                    break;
                }
            }
            if (currUserIndex != -1) {
                return users.get(currUserIndex);
            }
        }
        return null;
    }

    /**
     * Gets the information of all online users.
     *
     * @return the vector of online users
     */
    public synchronized Vector<OnlineUser> getOnlineUser() {
        return users;
    }

    public synchronized void addUser(OnlineUser onlineUser) {
        users.trimToSize();
        if (!existUser(onlineUser.getUserAccount())) {
            users.add(onlineUser);
            log.debug(onlineUser.getUserAccount() + "\t logged on to the system \t" + DateUtil.getCurrentDateTime());
            // obtain the user's IP address and other information through the request
        } else {
            log.debug(onlineUser.getUserAccount() + " already exists");
        }
        log.debug("number of online users: " + getCount());
    }
}

 

 

========================= OnlineUser.java =========================

package com.work.qxgl.login;

import java.io.Serializable;

import javax.servlet.http.HttpSession;

/**
 * @author wangmingjie
 * @date 04:56:37
 */
public class OnlineUser implements Serializable {
    private static final long serialVersionUID = 5461473880667036331L;

    private String userId;       // user ID
    private String userAccount;  // user account
    private String userName;     // user name
    private String loginTime;    // logon timestamp
    private String sessionId;    // session ID
    private String userIp;       // IP address
    private HttpSession session; // remember the session object, to test whether it can be used to kick a user out of the system

    public String getUserId() {
        return userId;
    }

    public void setUserId(String userId) {
        this.userId = userId;
    }

    public String getUserAccount() {
        return userAccount;
    }

    public void setUserAccount(String userAccount) {
        this.userAccount = userAccount;
    }

    public String getUserName() {
        return userName;
    }

    public void setUserName(String userName) {
        this.userName = userName;
    }

    public String getSessionId() {
        return sessionId;
    }

    public void setSessionId(String sessionId) {
        this.sessionId = sessionId;
    }

    public String getUserIp() {
        return userIp;
    }

    public void setUserIp(String userIp) {
        this.userIp = userIp;
    }

    public HttpSession getSession() {
        return session;
    }

    public void setSession(HttpSession session) {
        this.session = session;
    }

    public String getLoginTime() {
        return loginTime;
    }

    public void setLoginTime(String loginTime) {
        this.loginTime = loginTime;
    }

    // The returned string includes the session ID, so keep it out of log files.
    public String toString() {
        return "OnlineUser{userId=" + userId + ", userAccount=" + userAccount
                + ", userName=" + userName + ", loginTime=" + loginTime
                + ", userIp=" + userIp + ", sessionId=" + sessionId + "}";
    }

    // ===== the following data is only recorded in the system login log =====
    // private String logoutTime;       // exit timestamp
    // private String logoutType;       // exit mode: "session timed out and exited"; "1 actively exited"
    // private String lastAccessedTime; // last access time
}
